Combined Authentication release notes for upgrades from Yokohama to Australia

How to use this page

To help you prepare for your upgrade, we have combined the cross-family Authentication release notes onto one page. Read this summary of the new features, changes, and updated information for your product from Yokohama to Australia.

Tip:

If there were no updates for a release notes section in a certain family release, we included a short note for your reference. For example, if a product did not have any updates in Tokyo, the row says "No updates for this release."

Important information for upgrading Authentication to Australia

Before you upgrade to Australia, review these pre- and post-upgrade tasks and complete the tasks as needed.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

New features

Between your current release family and Australia, new features were introduced for Authentication.


Release	Release notes
Yokohama	Continuous Authentication Use Continuous Authentication to require step-up authentication or re-authentication to the users before allowing access to sensitive or high-privilege information. OAuth Grant Types for MID Server Use the Authorization code, resource owner password credential, SAML bearer, and JWT bearer OAuth grant types of OAuth for outbound integration requests through the MID Server. Personal Auth is also supported through the MID server. MID Servers facilitate communication and data movement between a single ServiceNow® instance and external applications, data sources, and services.
Zurich	Machine Identity Console Manage your inbound integration with ServiceNow's Machine Identity Console. Inbound integration in Machine Identity Console provides a simplified configuration experience for your inbound integrations. Multi-factor Authentication dashboard Use the new MFA Dashboard to understand insights such as MFA user enrollment, privileged admins who haven't opted in to MFA, and compliance. You can verify that all users have MFA enabled for enhanced security with the help of the MFA Dashboard. Multi-factor Authentication Guided Setup Use the new MFA Guided setup to configure multi-factor Authentication (MFA) for users who currently log in to ServiceNow with only a user name and password. This update enhances security by guiding administrators through the MFA setup process and verifying that all users are protected with an additional layer of authentication. Attributes for OIDC Use the Identity Provider (IDP) Attributes received from the OIDC response from the Identity Provider as a filter criteria for authentication.
Australia	Authentication factors for AI voice service Enable caller access to AI voice agents by configuring the required identification and authentication factors. Web Embeddables Secure the web embeddables feature for authenticating the ServiceNow®'s web components that are used in third-party portals. Granular admin roles The granular admin role enables developers and administrators to complete administrative configuration tasks for Authentication without requiring the full admin role.

Changes

Between your current release family and Australia, some changes were made to existing Authentication features.


Release	Release notes
Yokohama	MFA enforcement MFA is mandated and is enforced to all the non-SSO login users accessing ServiceNow®.
Zurich	Enhanced SSO login and logout experience Use the enhanced SSO login and logout experience. Enhancement includes: Display of active SAML and OIDC Identity Providers (IdPs) on the ServiceNow platform and portal login pages. Assign users to specific groups during SAML and OIDC auto-provisioning. Set up OIDC with the same well-known URL. The OIDC configurations can use the same well-known URL of the IdPs for multiple SSO records. Display login failure reasons to the users who logged out of ServiceNow due to session expiry or other reasons. Use the login link on the external logout page to again log in to ServiceNow in case of successful logout. Display of a generic error message for unsuccessful single log out. Enhanced email notifications for SAML certificate and Encryption Key store update. FIDO2 as an MFA factor Use the FIDO factor policy to enforce FIDO (Hardware key or Biometric as second factor for authentication) as second factor authentication to users who attempt to log in to the instance. OAuth integrations Configure OAuth integration that includes the following enhancements: You can provide a maximum client secret length up to 4096 characters to meet security requirements of the third-party systems. You can provide a JSON Web Key Set (JWKS) URL to automatically manage and update the public key for JSON Web Tokens (JWT) signature validation. You can request OAuth tokens using the JWT grant type signed with Elliptic Curve Digital Signature Algorithm (ES) signing algorithms, including ES256, ES384, and ES512, for inbound JSON Web Tokens (JWT). It also supports RS256, RS384, RS512, HS256, HS384, and HS512. You can customize the JWT ID (JTI) claim name in both inbound OpenID Connect (OIDC) and JWT Bearer flows.
Australia	OAuth enhancements Following are the OAuth enhancements: Use Opaque or JWT token option for your inbound integration endpoints. Use the Allow access only to APIs in selected scope option to enable access to the APIs that are explicitly listed in the selected scopes for your inbound integrations. Use the OAuth Entity Resource tab for outbound integrations to configure resource parameters so they flow into the OAuth token request and are reflected in the token from your OAuth provider.

Removed

Between your current release family and Australia, some Authentication features or functionality were removed.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Deprecations

Between your current release family and Australia, some Authentication features or functionality were deprecated.


Release	Release notes
Yokohama	No updates for this release.
Zurich	Due to the launch of new simplified inbound integration configuration in Machine Identity Console, the following inbound integrations configurations in the Application registry page are deprecated: OAuth API endpoint for external clients OAuth JWT API endpoint for external clients OIDC provider to verify ID tokens
Australia	No updates for this release.

Activation information

Review information on how to activate Authentication.


Release	Release notes
Yokohama	Authentication is a ServiceNow AI Platform product that is active by default.
Zurich	Authentication is a ServiceNow AI Platform product that is active by default.
Australia	Authentication is a ServiceNow AI Platform product that is active by default.

Additional requirements

If any additional requirements were introduced or changed for Authentication we have noted them here.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Browser requirements

If any specific browser requirements were introduced or changed for Authentication we have noted them here.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Accessibility information

Review details on accessibility information for Authentication, such as specific requirements or compliance levels.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	Coral theme Coral is now the default theme for new portal, web, and mobile experiences with Next Experience or Core UI enabled. This theme provides a fresh look and feel, featuring brand-neutral illustrations to enhance your user experience. A dark theme option is available for web and mobile experiences.

Localization information

If there are specific localization considerations for Authentication we have noted them here.


Release	Release notes
Yokohama	No updates for this release.
Zurich	No updates for this release.
Australia	No updates for this release.

Highlight information

If there are specific highlight considerations for Authentication we have noted them here.


Release	Release notes
Yokohama	Yokohama Patch 11 Authentication factors for AI voice service Enable caller access to AI voice agents by configuring the required identification and authentication factors. OAuth enhancements Following are the OAuth enhancements: Use Opaque or JWT token option for your inbound integration endpoints. Use the Allow access only to APIs in selected scope option to enable access to the APIs that are explicitly listed in the selected scopes for your inbound integrations. Use the OAuth Entity Resource tab for outbound integrations to configure resource parameters so they flow into the OAuth token request and are reflected in the token from your OAuth provider. Provider name for Inbound integrations Use the Provider name field to enter the details of your inbound integrations to distinguish between different inbound integrations on your ServiceNow AI Platform®. Update the Provider name in your API integrations to improve monitoring capabilities: For OAuth integrations, update the provider name using the Provider name field. To know more, see OAuth Inbound. For Basic authentication integrations, update the Provider name in the integration registration form. Yokohama Patch 7 OAuth token enhancement Use Opaque or JWT token option for your inbound integration endpoints. Yokohama Use Continuous Authentication to require step-up authentication or re-authentication to the users before allowing access to sensitive or high-privilege information. Multi-factor Authentication (MFA) is enforced by default for all non-SSO login to ServiceNow®. Use the Authorization code, resource owner password credential, SAML bearer, and JWT bearer OAuth grant types of OAuth for outbound integration requests through the MID Server. See Authentication for more information.
Zurich	Zurich Patch 7 Knowledge-based factor enhancement for AI voice service Following are the knowledge-based authentication (KBA) enhancements: Voice input support for KBA questions: Configure KBA questions to support Voice as an input type, allowing users to provide spoken responses during identification and authentication. When Voice input is enabled, you can configure the expected format, provide examples, and optionally define a validation pattern using regular expressions. Script-based validation for external systems: Configure KBA answers to validate that are created against external systems using custom scripts through the Script Configuration field. When set to Identification mode, you can write scoped scripts that validate caller identity against external authentication systems instead of internal ServiceNow AI Platform tables. Zurich Patch 4 Authentication factors for AI voice service Enable caller access to AI voice agents by configuring the required identification and authentication factors. OAuth enhancements Following are the OAuth enhancements: Use Opaque or JWT token option for your inbound integration endpoints. Use the Allow access only to APIs in selected scope option to enable access to the APIs that are explicitly listed in the selected scopes for your inbound integrations. Use the OAuth Entity Resource tab for outbound integrations to configure resource parameters so they flow into the OAuth token request and are reflected in the token from your OAuth provider. Zurich Patch 3 Provider name for Inbound integrations Use the Provider name field to enter the details of your inbound integrations to distinguish between different inbound integrations on your ServiceNow AI Platform®. Update the Provider name in your API integrations to improve monitoring capabilities: For OAuth integrations, update the provider name using the Provider name field. To know more, see OAuth inbound. For Basic authentication integrations, update the Provider name in the integration registration form. To know more about the integration registration form, see View dashboard. Zurich Patch 1 OAuth token enhancement Use Opaque or JWT token option for your inbound integration endpoints. Zurich Experience the new Inbound integration configuration in the Machine Identity Console. Use the new MFA Dashboard to understand insights such as MFA user enrollment, privileged admins who haven't opted in to MFA, and compliance. Use the FIDO factor policy to enforce FIDO-based authentication. Use the enhanced SSO login and logout experience. Configure the authentication policies to restrict access, reduce roles, or enforce MFA based on Identity Provider (IdP) attributes that are received from the OIDC response. See Authentication for more information.
Australia	Australia Patch 1 Knowledge-based factor enhancement for AI voice service Following are the knowledge-based authentication (KBA) enhancements: Voice input support for KBA questions: Configure KBA questions to support Voice as an input type, allowing users to provide spoken responses during identification and authentication. When Voice input is enabled, you can configure the expected format, provide examples, and optionally define a validation pattern using regular expressions. Script-based validation for external systems: Configure KBA answers to validate that are created against external systems using custom scripts through the Script Configuration field. When set to Identification mode, you can write scoped scripts that validate caller identity against external authentication systems instead of internal ServiceNow AI Platform tables. Australia Enable caller access to AI voice agents by configuring the required identification and authentication factors. Secure the web embeddables feature for authenticating the ServiceNow®'s web components that are used in third-party portals. Use the granular roles to complete administrative configuration tasks for Authentication without requiring the full admin role. Use the enhanced Auth Scope for your Inbound Integrations. See Authentication for more information.